Data Processing Addendum
Last updated: April 12, 2026
1. Introduction
This Data Processing Addendum ("DPA") supplements the LookerCenter Terms of Service and governs the processing of personal data by Indisgo ("Processor") on behalf of you ("Controller") when using the LookerCenter service.
2. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person, as defined in Article 4 of the GDPR. "Processing" has the meaning given in the GDPR. "Sub-processor" means a third-party processor engaged by us.
3. Scope of Processing
We process personal data only to provide the Service: fetching Shopify order/customer data and Meta Ads campaign data, and delivering it to Google Looker Studio on your behalf. Data types may include customer names, email addresses, order details, and advertising metrics.
4. Data Security
- OAuth tokens encrypted at rest with AES-256 (pgcrypto)
- All data in transit encrypted via TLS 1.3
- Database hosted on Neon PostgreSQL, EU region
- API response cache limited to 5 minutes, then purged
- Access restricted to authorized personnel only
- Regular dependency audits and security reviews
5. Sub-processors
We use the following sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Hosting, edge functions | USA (Edge: Global) |
| Neon Inc. | PostgreSQL database | EU (Frankfurt) |
| Lemon Squeezy LLC | Payment processing (MoR) | USA |
| Resend Inc. | Transactional email | USA |
| PostHog Inc. | Product analytics | EU |
We will notify you of any changes to sub-processors with at least 30 days notice.
6. Data Subject Rights
We assist you in responding to data subject requests (access, rectification, erasure, portability, restriction, objection). Contact support@lookercenter.com to initiate a request.
7. Data Breach Notification
In the event of a personal data breach, we will notify you without undue delay and no later than 72 hours after becoming aware, providing details of the breach, affected data, and remedial measures taken.
8. Data Retention & Deletion
We retain personal data only as long as necessary to provide the Service. Upon account termination or upon request, we delete all personal data within 30 days, except where retention is required by law. Cached API responses are automatically deleted after 5 minutes.
9. International Transfers
Where personal data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, or other legally recognized transfer mechanisms.
10. Contact
Data Protection Contact: support@lookercenter.com
Indisgo · Sisli, Istanbul 34394, Turkey